Jul. 14, 2023
Over the last year there has been a slow hum, quietly building around the notion of building what has been called an “IPv6-mostly” network. What does this term mean? How do we do it? Why bother? Well, let me attempt to answer those questions. First, what is IPv6-mostly? Thankfully, it is pretty much what it sounds like - a network segment (i.e. a LAN segment) that is mostly IPv6, and only legacy IPv4 where it has to be.
Nov. 4, 2022
IPv6 unique local addressing has been a popular topic over the years. From its humble beginnings, replacing site-local, to the surge of interest within service providers, enterprise, and casual users due to the wealth of content now available on IPv6 and the prevalence of availability within major consumer ISPs, it has become quite a polarizing topic in the technical communities that are diving head first into the modern, current networking protocol - IPv6.
Aug. 3, 2020
It is all too common that smaller shops do not have the resources for a proper test lab. Even with the cost of grey market hardware, and the ease of virtualization, the gap is definitely there - be it time, financial limits, manpower, or even a general malaise toward even asking for something which may get denied. This presents a problem for multiple reasons:
Changes are not staged in a safe environment first - i.
Sep. 8, 2019
Flow data is a critical piece of understanding how your network works and what it is actively doing. It also provides a great baseline and capacity planning tool. However, some of the more feature rich NetFlow and/or sFlow collectors can be quite daunting in their cost and/or complexity to install. ElastiFlow is a great alternative for flow analytics and is built on the well traveled and robust ElasticStack, meaning, its back end is well documented, well supported, and scales exceptionally well.
Jul. 29, 2019
Small to medium ISPs are an interesting phenomenon. Early in my career I was pretty heavily involved in that space, so much of my current thought processes and methodologies are heavily informed by that experience. Something that never ceases to amaze me today is that the practice of scripting and “automating” things seems to have become somewhat of a lost art, or at the very least it is not part of an initial deployment plan.
May. 29, 2019
Years ago I wrote about building a secure network in a box. Over a weekend I decided to revisit this concept thanks to a colleague at work wanting to do something similar. It got me thinking “a lot has changed since I last did this” and it felt like time to revisit it. Well, disappointment wasn’t in the cards because it’s easier, smarter, and more flexible now than it was back then.
Mar. 2, 2019
A few months ago Kevin Myers of IP Architechs introduced me to a really interesting project called FreeRouter. Being that I absolutely love alternative routing platforms and feature complete simulation environments, this really got me going. I tend to define “feature complete” in a routing platform as something that can do both IS-IS and MPLS. Given that there aren’t many platforms that do both correctly or within a reasonable budget, and offer simulation options, I was pretty excited.
Jun. 20, 2015
I recently had a need to test OpenFlow on the Brocade ICX 7450 for a fairly good sized, high visibility project. The basic goal is pretty simple: Layer2 path provisioning. Straightforward and fairly well supported in OpenFlow, even from the early days. To do this, the idea was to use a turnkey platform, that way there is one throat to choke if there are issues. I landed on the Brocade Vyatta controller (which is essentially ODL), and the ICX.
Jan. 28, 2015
BigSwitch is making waves again, this time with its Big Cloud Fabric product update. I was lucky enough to get a bit of a preview of what was coming and was pleasantly surprised by the new features, finding them functionally useful for both operators, security folks and management alike. Not only is the fabric fit to operate at hyper scale proportions, they've paid close attention to making such operations even easier.
Jan. 19, 2015
VMware is a powerful tool, and monitoring is a critical service. How does one monitor such an integral piece of infrastructure, and what do they monitor it with? There are powerful commercial ways of monitoring VMware, however, for those with existing SNMP based systems in place, specifically Cacti, there are options. To that end, I'll set aside my strong distaste for SNMP [yet again], because those are for a larger, less useful series of posts.
Sep. 22, 2014
I was recently granted access to the beta BigSwitch Networks lab site, a purpose built classroom in the cloud focused on teaching the BigSwitch SDN environment. I had seen some of the BSN offerings in the past and always held them in high regard, but I was thoroughly impressed with both the completeness of the lab and how polished the controller environment was. At the time of this writing, the lab consists of 3 modules: Building cloud fabric, monitoring fabric and dynamic provisioning of monitoring fabric.
Jan. 11, 2014
I am an absolutely huge fan of statistical and instrumentation data, especially when it comes to traffic analysis, visualization and baselining. I’ve rambled on about the importance of it at every opportunity. As a result of that, I have been doing work with netflow and netflow-like data for a fairly long time. My first collector was the OSU Flow tools based stuff back around 13 years ago. From there I played with all kinds of netflow tools, both commercial and open source, finally settling most of my focus on nfdump and nfsen.
Aug. 7, 2013
Working on some MX series routers recently I encountered a problem I’d never seen before, essentially preventing the configuration from being committed: buraglio@rtr# commit check re0: error: could not open configuration database (juniper.data+) This is a very annoying problem and is terribly inconvenient as you can probably imagine. So, my first instinct is to drop down to the shell and start hacking at it UNIX style. buraglio@rtr>start shell From there I wanted to see the file system and check out the stats of what it thinks we have.
Jul. 25, 2013
In many environments, the move to virtualization is a path well traveled. My home and lab networks are no exception to this and I’m sure nearly everyone who reads these pages has at least been exposed to it in one way or another. I have played with nearly all of the virtualization platforms and am firmly in the camp that there will be a large segment of networking that will move to a virtualized platform especially in the data center and campus segments.
Jul. 5, 2013
I had the need to build a FlowVisor instance under CentOS. Since nearly all of the docs I could find were for Debian, I threw this together. I utilized this GENI doc and the github docs as a simple reference. This is the quick and dirty method I used: Install the prerequisites: sudo yum -y install ant eclipse java-1.6.0-openjdk.x86_64 git sudo yum -y groupinstall "Development Tools" Create my standard directories: mkdir /services cd /services git clone git://github.
Jun. 22, 2013
As much as I like to think I automate everything, I’m pretty bad at writing code to make my life easier since it tends to take me longer to write the code and it tends to make me a bit grumpy (this is something I’m fixing by learning as much code dev as I can during my limited spare time). However, I like to think I can be fairly smart about working around my limited programming skills (think Boba Fett rather than Jedi) by using the tools available to common folk.
May. 19, 2013
I love to be the “uncola” of networking sites. I like interop and I don’t do a lot with Cisco because I don’t have access to much of their gear anymore. So, that being the case, I had a need to bring up a l2circuit (in JunOS speak), or VLL (in Brocade speak) between an MX480 and an MLX. Since they are very different platforms, I had to do some digging and playing around to get it to work.
May. 3, 2013
Jon Langemak has a great write up on building the OpenDaylight controller under CentOS. Since I’ll have to do this a bunch of times, I thought I’d take what he so generously put online and build a very rudimentary script for deploying ODC under CentOS. The prerequisites are that you already have an account and ssh key at the OpenDaylight GIT repo and that you disable SELinux. Here is the script: #!
Apr. 27, 2013
Let me preface this post by saying that I am absolutely not an enterprise IT or systems guy, take everything that I write here on out with that as a side dish. I’m also very, very cheap. That said, one of the things I really like about KVM is the ability to easily view the console of a guest system using free, non-windows software like VNC. However, much like everything in life, there are reasons to do one thing or another.
Apr. 25, 2013
I had been working, off and on, on a how-to for building the daylight openflow controller under CentOS. Most openflow docs and dev are done under ubuntu or debian, and while those are both fantastic alternatives, there are a huge number of folks that will want or need to use RHEL or CentOS. So, seeing as that is the case, having someone be mindful of that is important. When I saw the write up by Jon Langemak, I scrapped my attempt at a how-to since his was so much better.
Mar. 9, 2013
I started working on Juniper equipment around 2002. At my employer, we had an M40 with the serial number 256. We did Layer3 only. I had no idea if the Juniper even did layer2. It certainly wasn’t a layer3 switch like a 6500 like I was used to. It was like a deliciously robust version of any Layer 3 router I’d worked on previously. Over the years Juniper has added a switching line utilizing their FreeBSD based OS, JunOS.
Mar. 1, 2013
I am a network engineer by profession, but with the proliferation of SDN and OpenFlow, I have had to spend a lot of time re-learning a lot of system admin skills that I’d shelved years ago. Now, I’ve been a virtualization user forever. From VMware (Fusion, ESX), VirtualBox, to Parallels, I’ve used them at least in testing if not in production environments. I’d not really spent any mentionable amount of time with XEN, qEMU or KVM, but some projects I was working on suggested it for the virtualization mechanism, so I figured I’d try to pick it up.
Feb. 20, 2013
Recently SI6 released the IPv6 Toolkit 1.3. This release is on the heels of this IETF draft on IPv6 host scanning. It was long thought that scanning an IPv6 network was impossible. The address space was too large and reliably ascertaining the hosts from it would be too time consuming to even attempt. However, as Dr. Hans Zarkov says in the 1980 classic cult film of my youth, Flash Gordon, “You can’t beat the human spirit!
Feb. 15, 2013
It’s no secret that I’m a fan of the model Arista Networks is using to make gear and provide innovative services and products. In my opinion, they’re changing the landscape of campus and data center networking gear. I’m always a fan of the little guy trying to change the world and this falls under that category. For those that don’t know, Arista Networks is a “hardware” networking company that is using merchant silicon wrapped in their custom linux based operating system (which is very much like IOS).
Feb. 4, 2013
A bit of back history: I came from BSD land. I was a FreeBSD user from way back in the 1990s. BSD land is a land of secure boxes and very high uptimes. It’s also a land of arguably clunky package support, a lot of compiling by hand and these days, not nearly as encompassing package and network tuning support. I decided to move to Linux a while ago, reluctantly, and chose Debian as my flavor of choice.
Jan. 31, 2013
Starting from a base CentOS system with nothing configured, and referencing the CentOS wiki, here is how I like to set up a headless virtualbox environment: Disable selinux. It’s overly cumbersome and is enabled by default in CentOS. I like to permanently disable it even though the default is permissive. I ride the edge, I know. vi /etc/selinux/config and change SELINUX=enabled to SELINUX=disabled Then reboot. Using the methodology I originally found here, I like to install the epel repo using this method: cat <<EOM >/etc/yum.
Jan. 24, 2013
If you are running a network and aren’t using RANCID, you should give it a serious look. RANCID is a cross platform configuration management toolkit for backing up router configurations and certain environmental and hardware information into version control. It’s been around for as long as I can remember and supports nearly every platform I can think of, including a few modules that I cobbled together myself. There are a few nice web based front ends for CVS and SVN. I prefer to use ViewVC because I have a lot of experience with it; however, there may be cases where a web server isn’t a good option, unavailable or just too much work.
Jan. 9, 2013
I have a bunch of Apple wireless gear at my house. It’s inexpensive, feature rich and easy to maintain. However, with the update to mountain lion a while ago, the ability to install the older Airport Utility stopped. This is annoying since I have what apple now considers “advanced” features like IPv6 at my home and essentially all my gear here is a lab (except for the plex server =) I’ve been spending a lot of time on cacti lately, and I wanted to test out the syslog plugin….
Jan. 4, 2013
It’s always annoying to me, being a convert from *BSD to Linux, that tools like dig and host aren’t in the minimal base install. I realise that this makes me somewhat of a hypocrite, as I prefer an additive system rather than a subtractive base OS. Nevertheless, I’m continually surprised that “host” isn’t available after installing a minimal CentOS system without adding an additional package. So, since I always forget, here is a quick blog post to remind me and any other converts how to install those tools: yum -y install bind-utils That’s it.
Dec. 15, 2012
Securing SSH is a form of art. It’s often debated, much like blocking all ICMP packets (which I normally disagree with). If you need good proof, read these posts by Bob Plankers. There is a camp that likes to promote moving to a non-standard port. There is a faction that likes to block it completely except from a handful of hosts. Then there are those that like to leave it open altogether.
Dec. 8, 2012
I recently had the opportunity to work with the much-anticipated Brocade VDX “Ethernet Fabric” platform. I do admit that I’m intrigued by this product. I’d seen it work multiple times in demos and it worked so well and looked so easy that we actively tried to throw curve balls at the demo organizer to prove it wasn’t canned. It succeeded. The hardware hashing across the VLAGs is very slick. The VMware VSwitch integration worked well and was handy.